专门针对任务管理器。
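思路:将kernel32的TerminateProcess的首字节改为&HC3(即ret指令),使任务管理器进程内的TerminateProcess调用直接返回而失效。该修改只存在于调用时正在运行的taskmgr.exe进程的内存中,不影响其他结束进程的工具;跨进程对kernel32代码页调用WriteProcessMemory也是安全软件常见的检测点。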
' Win32 API declarations used by this module. All handles and addresses are declared As Long.
' Process handle management. TerminateProcess is declared here but is not called by the code shown;
' it is only looked up by name through GetProcAddress.
Private Declare Function TerminateProcess Lib "kernel32" (ByVal hProcess As Long, ByVal uExitCode As Long) As Long
Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
Private Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
' Cross-process memory write. lpBaseAddress and lpBuffer are declared As Any, so the caller decides
' per call whether a value or a reference is passed (AntiKill passes both ByVal).
Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
' Toolhelp process enumeration, aliased to shorter local names.
Private Declare Function CreateToolhelpSnapshot Lib "kernel32" Alias "CreateToolhelp32Snapshot" (ByVal lFlags As Long, ByVal lProcessID As Long) As Long
Private Declare Function ProcessFirst Lib "kernel32" Alias "Process32First" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long
Private Declare Function ProcessNext Lib "kernel32" Alias "Process32Next" (ByVal hSnapShot As Long, uProcess As PROCESSENTRY32) As Long '
' ShowWindow is declared but not used by the code shown.
Private Declare Function ShowWindow Lib "user32" (ByVal hwnd As Long, ByVal nCmdShow As Long) As Long
' Module and export lookup (ANSI variant of GetModuleHandle).
Private Declare Function GetModuleHandle Lib "kernel32" Alias "GetModuleHandleA" (ByVal lpModuleName As String) As Long
Private Declare Function GetProcAddress Lib "kernel32" (ByVal hModule As Long, ByVal lpProcName As String) As Long
' Flag values for CreateToolhelpSnapshot. Only TH32CS_SNAPPROCESS is used by the code shown.
' NOTE(review): the hex literals in this listing appear to have lost their prefix during extraction,
' so the constants do not compile as shown.
Private Const TH32CS_SNAPPROCESS = H2
Private Const TH32CS_SNAPheaplist = H1
Private Const TH32CS_SNAPthread = H4
Private Const TH32CS_SNAPmodule = H8
Private Const TH32CS_SNAPall = TH32CS_SNAPPROCESS + TH32CS_SNAPheaplist + TH32CS_SNAPthread + TH32CS_SNAPmodule
' Declared but not referenced by the PROCESSENTRY32 type below, which sizes its name buffer itself.
Private Const MAX_PATH As Integer = 260
' Access mask passed to OpenProcess: the sum of three values, i.e. a full-access handle request.
' NOTE(review): a full-access handle opened on another process is the kind of event that
' process-access auditing is built to record - confirm what the local telemetry captures.
Private Const PROCESS_ALL_ACCESS = H100000 + HF0000 + HFFF
' Record filled in by ProcessFirst / ProcessNext for each process in a Toolhelp snapshot.
' The field order and sizes are passed straight to the Win32 API, so the layout must not be changed.
' Some field names differ in spelling from the Win32 header (cntUseage, swFlags); that only affects
' how this module refers to them.
Private Type PROCESSENTRY32
' Size of this record; the caller sets it with Len() before the first enumeration call.
dwSize As Long
cntUseage As Long
' Process identifier, later handed to OpenProcess.
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
swFlags As Long
' Executable name as a fixed-length string of 1024 characters.
' NOTE(review): the module declares MAX_PATH = 260 but does not use it here, so dwSize will be
' larger than a MAX_PATH-sized record - confirm the enumeration API accepts the larger size.
szExeFile As String * 1024
End Type
' AntiKill: for every process in a Toolhelp snapshot whose image name is "taskmgr.exe", overwrite
' the first byte of kernel32's TerminateProcess inside that process with the byte held in ASM(0).
' Only processes present in the snapshot at call time are touched, and the change exists only in
' the memory of those processes.
' NOTE(review): as extracted, the hex literal assigned to ASM(0) and the comparison operators after
' ProcessFirst(...) and ProcessNext(...) are damaged, so the listing does not compile as shown.
' NOTE(review, detection): the observable sequence is a snapshot enumeration, a full-access
' OpenProcess on taskmgr.exe, then a one-byte WriteProcessMemory into a kernel32 export. Comparing
' the in-memory bytes of that export with the on-disk image would presumably reveal the patch.
Private Sub AntiKill()
' All run-time errors are suppressed and no API return value is checked, so a failed
' OpenProcess or WriteProcessMemory goes unnoticed.
On Error Resume Next
Dim MySnapHandle As Long
Dim hProcess As Long
Dim ProcessInfo As PROCESSENTRY32
Dim Addr As Long, hMod As Long
Dim ASM(0) As Byte
Dim sProcess As String
ASM(0) = HC3 'retn
' The address is resolved in the calling process and later used unchanged as an address in the
' target process. NOTE(review): this assumes kernel32 is mapped at the same address in both.
hMod = GetModuleHandle("kernel32")
Addr = GetProcAddress(hMod, "TerminateProcess")
'Debug.Print Hex(Addr)
MySnapHandle = CreateToolhelpSnapshot(TH32CS_SNAPPROCESS, 0)
' The enumeration API is given the record size before the first call.
ProcessInfo.dwSize = Len(ProcessInfo)
If ProcessFirst(MySnapHandle, ProcessInfo) 0 Then
Do
' Lower-cased name up to and including three characters after the first "."; the match is by
' image name only.
sProcess = Left(LCase(ProcessInfo.szExeFile), InStr(ProcessInfo.szExeFile, ".") + 3)
If sProcess = "taskmgr.exe" Then
hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessInfo.th32ProcessID)
'Debug.Print hProcess
' Writes one byte from ASM(0) to Addr in the target; hProcess is not checked for 0 first.
WriteProcessMemory hProcess, ByVal Addr, ByVal VarPtr(ASM(0)), 1, 0
'Debug.Print Err.LastDllError
CloseHandle hProcess
End If
Loop While ProcessNext(MySnapHandle, ProcessInfo) 0
End If
CloseHandle MySnapHandle
Err.Clear
End Sub
SystemEvents类的SessionEnding事件在用户试图注销或关闭系统时发生。在该事件的说明示例中可以找到如下方法:
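' Window message identifier compared against m.Msg in WndProc; the hex literal needs the &H prefix
' to be a number rather than an undefined identifier.
Private Shared WM_QUERYENDSESSION As Integer = &H11
' Set to True by WndProc when WM_QUERYENDSESSION arrives; read and reset by the Closing handler.
Private Shared systemShutdown As Boolean = False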
''' <summary>
''' Records that a WM_QUERYENDSESSION message was received, then hands the message to the base
''' window procedure so normal processing (including raising the closing event) still happens.
''' </summary>
''' <param name="m">The window message being dispatched to this form.</param>
Protected Overrides Sub WndProc(ByRef m As System.Windows.Forms.Message)
    Select Case m.Msg
        Case WM_QUERYENDSESSION
            ' Logoff, shutdown or reboot is in progress; the Closing handler checks this flag.
            systemShutdown = True
    End Select
    ' Every message, including WM_QUERYENDSESSION, is forwarded unchanged.
    MyBase.WndProc(m)
End Sub 'WndProc
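''' <summary>
''' When the form is closing because of a session end (flag set by WndProc), asks the user whether
''' to save work first. Answering Yes cancels the close; answering No lets it proceed. Closes that
''' are not part of a session end are left untouched.
''' </summary>
''' <param name="sender">The form raising the event.</param>
''' <param name="e">Event data; its Cancel property is set from the user's answer.</param>
Private Sub Form1_Closing(ByVal sender As System.Object, ByVal e As System.ComponentModel.CancelEventArgs) Handles MyBase.Closing
    If Not systemShutdown Then Return
    ' Reset the flag because the user might cancel the shutdown.
    systemShutdown = False
    ' MessageBox.Show takes (text, caption, buttons): the question is the text and the
    ' application name is the caption. The original call had the two strings swapped.
    Dim answer As System.Windows.Forms.DialogResult = _
        MessageBox.Show("Do you want to save your work before logging off?", "My application", MessageBoxButtons.YesNo)
    e.Cancel = (answer = System.Windows.Forms.DialogResult.Yes)
End Sub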
绑定窗体的FormClosing事件,执行e.Cancel = True即可。这只能拦截窗口的关闭请求,不能阻止进程被强制结束;建议同时检查e.CloseReason,在系统关机或注销时不要取消关闭。
如果你不想在任务栏上显示窗体,把窗体的ShowInTaskbar设为False。